Deep Packet Inspection

10/12/2017

Introduction

Deep packet inspection (DPI) is now a fast-growing application area, in terms of both technology and market size. Performance has increased and costs have fallen, widening the range of potential applications for DPI platforms.

Markets and Markets estimated in their 2016 report that the DPI market would grow from USD 7.01 Billion in 2016 to USD 18.60 Billion by 2021, at a CAGR of 21.6%. They cite the evolution of new forms of cyber-attack, the need for modern network performance management and optimization solutions, and advancements in communication technology as some of the major driving factors.

The ability to open data streams, inspect their contents and make decisions based on what is found is at the core of DPI. This power to “inspect” is extremely attractive to many Advantech customers when they consider the variety of decision-based applications that can be layered on top of DPI running on extremely powerful high-end network appliances.

The Challenge

Traditionally, DPI was the realm of hardware-accelerated packet processing and made broad use of custom or proprietary network adapters based on FPGAs or on proprietary silicon in the form of Network Processors, known as NPUs, sourced from several foundries. The use of specialized hardware to accelerate packet inspection across a broad range of high-speed network traffic types made DPI solutions expensive and tied them to just a few vendors, making open system development a challenge.

The Solution

Now, with the high-end processing capacity of Intel architecture processors, coupled with the open source Data Plane Development Kit (DPDK) and the Hyperscan library, which delivers high-performance matching of multiple regular expressions, DPI functionality is being embedded directly into the network on a larger scale. Using Intel® Xeon® processors, traffic can be analyzed in real time, as pattern matching algorithms allow specific packet payloads to be recognized. Once a packet is identified, choices can be made based on the application intent. The applications where DPI can make a positive impact are broad ranging. Here are a few examples:

Multi-Level Service Provision – Once different styles of content can be identified, a carrier can choose to send different packet streams over networks of different quality and/or speed. This even has the potential to be user- or tariff-based.

DRM – The entertainment industry has become very interested in DPI as a way to prevent the illegal sharing of copyrighted materials.

Content regulation – The use of DPI in order to identify illegal or “undesirable” content continues to stimulate much debate.

Figure 1. Overview of Bump in the wire DPI services

Performance is undoubtedly one crucial element of any DPI solution but so is cost, as proprietary solutions are very expensive. Advantech’s FWA-6520 High-Performance Intel® Xeon® based Network Appliance addresses both aspects and can deliver wire-speed packet processing, at a significantly better price/performance ratio than a proprietary solution.

Figure 2. Advantech FWA-6520

Performance is undoubtedly the key element of DPI solutions and the FWA-6520 delivers on all scores. With 80 PCI Express lanes, the FWA-6520 can support up to 8 Network Mezzanine Cards (NMC) for modular, configurable networking I/O and acceleration. All NMC slots provide enough bandwidth to support a wide range of GbE, 10GbE, 40GbE and 100GbE LAN modules. Based on the Intel® Xeon® architecture and DPDK, platform-tuned acceleration software increases packet processing throughput by up to 10x over a standard Linux port, enabling faster packet movement and processing in DPI more economically than on proprietary hardware solutions.

Scalability. The Advantech FWA-6520 is available with Intel® Xeon® processors of up to 22 cores, offering a performance level matched to the workload for DPI deployment in volume. Because the CPU is socketed, customers can select the CPU SKU that suits their precise cost or performance needs.

Memory Capacity. The 16-slot memory design of the FWA-6520 is an essential feature for in-memory data and deep packet processing across multiple network ports.